coc83
11 March 2008 at 09:24
The link was indeed working again for me too last night.
So I ran Clean until I got the report, and at that point Norton's Active Protect suddenly kicked in and reported about fifteen Trojan Vundo threats, even though it had been quiet for a few days... And I could no longer keep an IE page open for more than 5 s; it closed automatically.
Anyway, here is the report:
10/03/2008 a 18:04:34,06
*** Recherche des fichiers dans C:
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\Everest Poker\" FOUND
*** Fin du rapport !
Re,
Reboot into Safe Mode.
Re-run Clean -> choose option 2.
Clean will do its work.
A report will be generated; post it to me ;)
****************************
Strange about Norton ...
We'll check.
Go to this site, /!\ Internet Explorer required /!\, click 'I accept', install the ActiveX controls if necessary and check that they are properly configured, then click 'install' and 'click here to scan' (or: cliquez ici pour scanner).
And post me the report.
See you
coc83
11 March 2008 at 14:45
While waiting for the BitDefender scan to finish (scheduled to end in 3 h), here is the Clean scan:
Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 11/03/2008 a 14:15:26,35
Microsoft Windows XP [version 5.1.2600]
*** Suppression des fichiers dans C:
*** Suppression des fichiers dans C:\WINDOWS\
*** Suppression des fichiers dans C:\WINDOWS\system32
*** Suppression des fichiers dans C:\Program Files
tentative de suppression de "C:\Program Files\Everest Poker\"
*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
coc83
13 March 2008 at 09:10
Here is the BitDefender report:
BitDefender Online Scanner
Scan report generated at: Wed, Mar 12, 2008 - 16:55:42
Scan path: A:\;C:\;D:\;E:\;

Statistics
  Time: 02:09:42
  Files: 740868
  Folders: 9439
  Boot Sectors: 3
  Archives: 8515
  Packed Files: 78058

Results
  Identified Viruses: 11
  Infected Files: 47
  Suspect Files: 2
  Warnings: 0
  Disinfected: 0
  Deleted Files: 49

Engines Info
  Virus Definitions: 986898
  Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
  Scan plugins: 16
  Archive plugins: 41
  Unpack plugins: 7
  E-mail plugins: 6
  System plugins: 5

Scan Settings
  First Action: Disinfect
  Second Action: Delete
  Heuristics: Yes
  Enable Warnings: Yes
  Scanned Extensions: *;
  Exclude Extensions:
  Scan Emails: Yes
  Scan Archives: Yes
  Scan Packed: Yes
  Scan Files: Yes
  Scan Boot: Yes

Scanned File | Status
C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\Ad-Aware QF 20080204 164125.aawqff=>(Embedded EXE g) | Detected with: Spyware.Tool.Hidewindows.D
C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\Ad-Aware QF 20080204 164125.aawqff=>(Embedded EXE g) | Deleted
C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\Ad-Aware QF 20080204 164125.aawqff | Update failed
C:\Documents and Settings\R&D\Mes documents\Logiciels\Cosmos 2003 (Works Motion Flow Plus License)\Cosmos (Motion 2003, Works 2003, Floworks 2003)\Cosmos Floworks 2003\data2.cab=>(IShield Module 31) | Suspected of: Macro.VBA
C:\Documents and Settings\R&D\Mes documents\Logiciels\Cosmos 2003 (Works Motion Flow Plus License)\Cosmos (Motion 2003, Works 2003, Floworks 2003)\Cosmos Floworks 2003\data2.cab=>(IShield Module 31) | Disinfection failed
C:\Documents and Settings\R&D\Mes documents\Logiciels\Cosmos 2003 (Works Motion Flow Plus License)\Cosmos (Motion 2003, Works 2003, Floworks 2003)\Cosmos Floworks 2003\data2.cab=>(IShield Module 31) | Deleted
C:\Documents and Settings\R&D\Mes documents\Logiciels\Cosmos 2003 (Works Motion Flow Plus License)\Cosmos (Motion 2003, Works 2003, Floworks 2003)\Cosmos Floworks 2003\data2.cab | Update failed
C:\Documents and Settings\R&D\Mes documents\Logiciels\Solid works 2005\Solid works 2005\Solid Works 2005 Crack\Cosmos 2003 (Works Motion Flow Plus License)\Cosmos (Motion 2003, Works 2003, Floworks 2003)\Cosmos Floworks 2003\data2.cab=>(IShield Module 31) | Suspected of: Macro.VBA
C:\Documents and Settings\R&D\Mes documents\Logiciels\Solid works 2005\Solid works 2005\Solid Works 2005 Crack\Cosmos 2003 (Works Motion Flow Plus License)\Cosmos (Motion 2003, Works 2003, Floworks 2003)\Cosmos Floworks 2003\data2.cab=>(IShield Module 31) | Disinfection failed
C:\Documents and Settings\R&D\Mes documents\Logiciels\Solid works 2005\Solid works 2005\Solid Works 2005 Crack\Cosmos 2003 (Works Motion Flow Plus License)\Cosmos (Motion 2003, Works 2003, Floworks 2003)\Cosmos Floworks 2003\data2.cab=>(IShield Module 31) | Deleted
C:\Documents and Settings\R&D\Mes documents\Logiciels\Solid works 2005\Solid works 2005\Solid Works 2005 Crack\Cosmos 2003 (Works Motion Flow Plus License)\Cosmos (Motion 2003, Works 2003, Floworks 2003)\Cosmos Floworks 2003\data2.cab | Update failed
C:\Program Files\eMule\Incoming\Secured Downloading of serial number autocad 2006 with New Secured eMule.zip=>SecuredeMule_09_FR_FF.EXE=>wise0017=>(NSIS o)=>lzma_nsis0014 | Detected with: Adware.Shopper.L
C:\Program Files\eMule\Incoming\Secured Downloading of serial number autocad 2006 with New Secured eMule.zip=>SecuredeMule_09_FR_FF.EXE=>wise0017=>(NSIS o)=>lzma_nsis0014 | Deleted
C:\Program Files\eMule\Incoming\Secured Downloading of serial number autocad 2006 with New Secured eMule.zip=>SecuredeMule_09_FR_FF.EXE=>wise0017=>(NSIS o) | Update failed
C:\Program Files\eMule\Incoming\Secured Downloading of serial number quarkxpress with new Secured Browser.zip=>SecuredeIE_10_FR_SS.EXE=>wise0014=>(NSIS o)=>lzma_nsis0015=>(NSIS o)=>lzma_nsis0004 | Detected with: Adware.ShoppingReport.A
C:\Program Files\eMule\Incoming\Secured Downloading of serial number quarkxpress with new Secured Browser.zip=>SecuredeIE_10_FR_SS.EXE=>wise0014=>(NSIS o)=>lzma_nsis0015=>(NSIS o)=>lzma_nsis0004 | Deleted
C:\Program Files\eMule\Incoming\Secured Downloading of serial number quarkxpress with new Secured Browser.zip=>SecuredeIE_10_FR_SS.EXE=>wise0014=>(NSIS o)=>lzma_nsis0015=>(NSIS o) | Update failed
C:\Program Files\eMule\Incoming\SecuredeIE_10_FR_SS.EXE=>wise0014=>(NSIS o)=>lzma_nsis0015=>(NSIS o)=>lzma_nsis0004 | Detected with: Adware.ShoppingReport.A
C:\Program Files\eMule\Incoming\SecuredeIE_10_FR_SS.EXE=>wise0014=>(NSIS o)=>lzma_nsis0015=>(NSIS o)=>lzma_nsis0004 | Deleted
C:\Program Files\eMule\Incoming\SecuredeIE_10_FR_SS.EXE=>wise0014=>(NSIS o)=>lzma_nsis0015=>(NSIS o) | Update failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/123lfd.exe.bad.vir | Infected with: Trojan.Vundo.Gen.2
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/123lfd.exe.bad.vir | Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/123lfd.exe.bad.vir | Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar | Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/4xcsd32.exe.bad.vir | Infected with: Trojan.Vundo.DZA
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/4xcsd32.exe.bad.vir | Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar | Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/55d.exe.bad.vir | Infected with: Trojan.Vundo.DZA
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/55d.exe.bad.vir | Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar | Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/5jvbbn.exe.bad.vir | Infected with: Trojan.Vundo.Gen.2
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/5jvbbn.exe.bad.vir | Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/5jvbbn.exe.bad.vir | Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar | Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/5jvbs.exe.bad.vir | Infected with: Trojan.Vundo.Gen.2
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/5jvbs.exe.bad.vir | Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/5jvbs.exe.bad.vir | Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar | Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/agnnoamt.dll.bad.vir | Infected with: Trojan.Vundo.Gen.2
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/agnnoamt.dll.bad.vir | Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/agnnoamt.dll.bad.vir | Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar | Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/awtspoo.dll.bad.vir | Infected with: Trojan.Vundo.Gen.2
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/awtspoo.dll.bad.vir | Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/awtspoo.dll.bad.vir | Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar | Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/bda145789.exe.bad.vir | Infected with: Trojan.Vundo.EBC
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/bda145789.exe.bad.vir | Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar | Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/byxyayw.dll.bad.vir | Infected with: Trojan.Vundo.Gen.2
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/byxyayw.dll.bad.vir | Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/byxyayw.dll.bad.vir | Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar | Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/cbxywut.dll.bad.vir | Infected with: Trojan.Vundo.Gen.2
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/cbxywut.dll.bad.vir | Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/cbxywut.dll.bad.vir | Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar | Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/cbxyyya.dll.bad.vir | Infected with: Trojan.Vundo.Gen.2
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/cbxyyya.dll.bad.vir | Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/cbxyyya.dll.bad.vir | Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar | Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/efcccya.dll.bad.vir | Infected with: Trojan.Vundo.Gen.2
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/efcccya.dll.bad.vir | Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/efcccya.dll.bad.vir | Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar | Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/fccaaay.dll.bad.vir | Infected with: Trojan.Vundo.Gen.2
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/fccaaay.dll.bad.vir | Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/fccaaay.dll.bad.vir | Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar | Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/fccawwt.dll.bad.vir | Infected with: Trojan.Vundo.Gen.2
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/fccawwt.dll.bad.vir | Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/fccawwt.dll.bad.vir | Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar | Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/fccbbyw.dll.bad.vir | Infected with: Trojan.Vundo.Gen.2
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/fccbbyw.dll.bad.vir | Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/fccbbyw.dll.bad.vir | Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar | Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/geeda.dll.bad.vir | Infected with: Trojan.Vundo.EBI
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/geeda.dll.bad.vir | Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar | Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/mljkifg.dll.bad.vir | Infected with: Trojan.Vundo.DZA
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/mljkifg.dll.bad.vir | Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar | Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/nnnnopp.dll.bad.vir | Infected with: Trojan.Vundo.Gen.2
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/nnnnopp.dll.bad.vir | Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/nnnnopp.dll.bad.vir | Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar | Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/qomkjjh.dll.bad.vir | Infected with: Trojan.Vundo.Gen.2
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/qomkjjh.dll.bad.vir | Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/qomkjjh.dll.bad.vir | Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar | Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/ssqpm.dll.bad.vir | Infected with: Trojan.Vundo.EBI
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/ssqpm.dll.bad.vir | Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar | Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/tuvtuvu.dll.bad.vir | Infected with: Trojan.Vundo.DZA
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/tuvtuvu.dll.bad.vir | Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar | Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/tuvvutq.dll.bad.vir | Infected with: Trojan.Vundo.Gen.2
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/tuvvutq.dll.bad.vir | Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/tuvvutq.dll.bad.vir | Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar | Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/urqnoli.dll.bad.vir | Infected with: Trojan.Vundo.Gen.2
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/urqnoli.dll.bad.vir | Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/urqnoli.dll.bad.vir | Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar | Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/vtsqr.dll.bad.vir | Infected with: Trojan.Vundo.Gen.2
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/vtsqr.dll.bad.vir | Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/vtsqr.dll.bad.vir | Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar | Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/vtusppm.dll.bad.vir | Infected with: Trojan.Vundo.Gen.2
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/vtusppm.dll.bad.vir | Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/vtusppm.dll.bad.vir | Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar | Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/vtusron.dll.bad.vir | Infected with: Trojan.Vundo.Gen.2
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/vtusron.dll.bad.vir | Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/vtusron.dll.bad.vir | Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar | Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/vtutuvv.dll.bad.vir | Infected with: Trojan.Vundo.Gen.2
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/vtutuvv.dll.bad.vir | Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/vtutuvv.dll.bad.vir | Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar | Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/xxywtrs.dll.bad.vir | Infected with: Trojan.Vundo.Gen.2
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/xxywtrs.dll.bad.vir | Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/xxywtrs.dll.bad.vir | Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar | Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/xxywttq.dll.bad.vir | Infected with: Trojan.Vundo.Gen.2
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/xxywttq.dll.bad.vir | Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/xxywttq.dll.bad.vir | Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar | Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/yayxxxw.dll.bad.vir | Infected with: Trojan.Vundo.Gen.2
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/yayxxxw.dll.bad.vir | Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/yayxxxw.dll.bad.vir | Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar | Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/zsdf43a.exe.bad.vir | Infected with: Trojan.Vundo.Gen.2
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/zsdf43a.exe.bad.vir | Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/zsdf43a.exe.bad.vir | Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar | Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/awvtq.dll.vir | Infected with: Trojan.Vundo.EBP
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/awvtq.dll.vir | Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar | Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/awvvu.dll.vir | Infected with: Trojan.Vundo.EBP
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/awvvu.dll.vir | Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar | Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/dnkngiar.dll.vir | Infected with: Trojan.Vundo.EBM
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/dnkngiar.dll.vir | Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar | Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/qrxdbaeg.dll.vir | Infected with: Trojan.Vundo.EBM
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/qrxdbaeg.dll.vir | Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar | Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/uhuypoir.dll.vir | Infected with: Trojan.Vundo.EBM
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/uhuypoir.dll.vir | Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar | Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/_OTMoveIt/MovedFiles/02122008_135852/WINDOWS/system32/vtusron.dll.vir | Infected with: Trojan.Vundo.Gen.2
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/_OTMoveIt/MovedFiles/02122008_135852/WINDOWS/system32/vtusron.dll.vir | Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/_OTMoveIt/MovedFiles/02122008_135852/WINDOWS/system32/vtusron.dll.vir | Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar | Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/catchme2008-02-12_170612.18.zip=>pmkjk.dll | Infected with: Trojan.Vundo.Gen.2
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/catchme2008-02-12_170612.18.zip=>pmkjk.dll | Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/catchme2008-02-12_170612.18.zip=>pmkjk.dll | Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/catchme2008-02-12_170612.18.zip | Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/catchme2008-02-12_170612.18.zip=>tuvvwtu.dll | Infected with: Trojan.Vundo.Gen.2
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/catchme2008-02-12_170612.18.zip=>tuvvwtu.dll | Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/catchme2008-02-12_170612.18.zip=>tuvvwtu.dll | Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/catchme2008-02-12_170612.18.zip | Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar | Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>WINDOWS/System32/WinUpdating.exe | Infected with: Trojan.Delf.Inject.F
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>WINDOWS/System32/WinUpdating.exe | Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>WINDOWS/System32/WinUpdating.exe | Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar | Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>WINDOWS/System32/NTSpool.exe | Infected with: Worm.P2P.Agent.N
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>WINDOWS/System32/NTSpool.exe | Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>WINDOWS/System32/NTSpool.exe | Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar | Updated
C:\upload_moi_RETD.tar.gz | Updated
C:\WINDOWS\system32\NTSpool.exe | Infected with: Worm.P2P.Agent.N
C:\WINDOWS\system32\NTSpool.exe | Disinfection failed
C:\WINDOWS\system32\NTSpool.exe | Deleted
C:\WINDOWS\system32\WinUpdating.exe | Infected with: Trojan.Delf.Inject.F
C:\WINDOWS\system32\WinUpdating.exe | Disinfection failed
C:\WINDOWS\system32\WinUpdating.exe | Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/fccaaay.dll.bad.vir
Infected with: Trojan.Vundo.Gen.2
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/fccaaay.dll.bad.vir
Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/fccaaay.dll.bad.vir
Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar
Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/fccawwt.dll.bad.vir
Infected with: Trojan.Vundo.Gen.2
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/fccawwt.dll.bad.vir
Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/fccawwt.dll.bad.vir
Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar
Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/fccbbyw.dll.bad.vir
Infected with: Trojan.Vundo.Gen.2
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/fccbbyw.dll.bad.vir
Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/fccbbyw.dll.bad.vir
Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar
Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/geeda.dll.bad.vir
Infected with: Trojan.Vundo.EBI
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/geeda.dll.bad.vir
Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar
Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/mljkifg.dll.bad.vir
Infected with: Trojan.Vundo.DZA
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/mljkifg.dll.bad.vir
Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar
Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/nnnnopp.dll.bad.vir
Infected with: Trojan.Vundo.Gen.2
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/nnnnopp.dll.bad.vir
Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/nnnnopp.dll.bad.vir
Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar
Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/qomkjjh.dll.bad.vir
Infected with: Trojan.Vundo.Gen.2
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/qomkjjh.dll.bad.vir
Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/qomkjjh.dll.bad.vir
Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar
Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/ssqpm.dll.bad.vir
Infected with: Trojan.Vundo.EBI
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/ssqpm.dll.bad.vir
Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar
Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/tuvtuvu.dll.bad.vir
Infected with: Trojan.Vundo.DZA
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/tuvtuvu.dll.bad.vir
Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar
Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/tuvvutq.dll.bad.vir
Infected with: Trojan.Vundo.Gen.2
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/tuvvutq.dll.bad.vir
Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/tuvvutq.dll.bad.vir
Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar
Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/urqnoli.dll.bad.vir
Infected with: Trojan.Vundo.Gen.2
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/urqnoli.dll.bad.vir
Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/urqnoli.dll.bad.vir
Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar
Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/vtsqr.dll.bad.vir
Infected with: Trojan.Vundo.Gen.2
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/vtsqr.dll.bad.vir
Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/vtsqr.dll.bad.vir
Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar
Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/vtusppm.dll.bad.vir
Infected with: Trojan.Vundo.Gen.2
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/vtusppm.dll.bad.vir
Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/vtusppm.dll.bad.vir
Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar
Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/vtusron.dll.bad.vir
Infected with: Trojan.Vundo.Gen.2
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/vtusron.dll.bad.vir
Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/vtusron.dll.bad.vir
Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar
Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/vtutuvv.dll.bad.vir
Infected with: Trojan.Vundo.Gen.2
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/vtutuvv.dll.bad.vir
Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/vtutuvv.dll.bad.vir
Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar
Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/xxywtrs.dll.bad.vir
Infected with: Trojan.Vundo.Gen.2
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/xxywtrs.dll.bad.vir
Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/xxywtrs.dll.bad.vir
Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar
Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/xxywttq.dll.bad.vir
Infected with: Trojan.Vundo.Gen.2
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/xxywttq.dll.bad.vir
Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/xxywttq.dll.bad.vir
Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar
Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/yayxxxw.dll.bad.vir
Infected with: Trojan.Vundo.Gen.2
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/yayxxxw.dll.bad.vir
Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/yayxxxw.dll.bad.vir
Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar
Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/zsdf43a.exe.bad.vir
Infected with: Trojan.Vundo.Gen.2
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/zsdf43a.exe.bad.vir
Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/zsdf43a.exe.bad.vir
Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar
Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/awvtq.dll.vir
Infected with: Trojan.Vundo.EBP
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/awvtq.dll.vir
Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar
Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/awvvu.dll.vir
Infected with: Trojan.Vundo.EBP
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/awvvu.dll.vir
Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar
Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/dnkngiar.dll.vir
Infected with: Trojan.Vundo.EBM
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/dnkngiar.dll.vir
Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar
Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/qrxdbaeg.dll.vir
Infected with: Trojan.Vundo.EBM
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/qrxdbaeg.dll.vir
Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar
Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/uhuypoir.dll.vir
Infected with: Trojan.Vundo.EBM
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/uhuypoir.dll.vir
Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar
Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/_OTMoveIt/MovedFiles/02122008_135852/WINDOWS/system32/vtusron.dll.vir
Infected with: Trojan.Vundo.Gen.2
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/_OTMoveIt/MovedFiles/02122008_135852/WINDOWS/system32/vtusron.dll.vir
Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/_OTMoveIt/MovedFiles/02122008_135852/WINDOWS/system32/vtusron.dll.vir
Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar
Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/catchme2008-02-12_170612.18.zip=>pmkjk.dll
Infected with: Trojan.Vundo.Gen.2
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/catchme2008-02-12_170612.18.zip=>pmkjk.dll
Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/catchme2008-02-12_170612.18.zip=>pmkjk.dll
Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/catchme2008-02-12_170612.18.zip
Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/catchme2008-02-12_170612.18.zip=>tuvvwtu.dll
Infected with: Trojan.Vundo.Gen.2
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/catchme2008-02-12_170612.18.zip=>tuvvwtu.dll
Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/catchme2008-02-12_170612.18.zip=>tuvvwtu.dll
Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/catchme2008-02-12_170612.18.zip
Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar
Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>WINDOWS/System32/WinUpdating.exe
Infected with: Trojan.Delf.Inject.F
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>WINDOWS/System32/WinUpdating.exe
Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>WINDOWS/System32/WinUpdating.exe
Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar
Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>WINDOWS/System32/NTSpool.exe
Infected with: Worm.P2P.Agent.N
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>WINDOWS/System32/NTSpool.exe
Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>WINDOWS/System32/NTSpool.exe
Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar
Updated
C:\upload_moi_RETD.tar.gz
Updated
C:\WINDOWS\system32\NTSpool.exe
Infected with: Worm.P2P.Agent.N
C:\WINDOWS\system32\NTSpool.exe
Disinfection failed
C:\WINDOWS\system32\NTSpool.exe
Deleted
C:\WINDOWS\system32\WinUpdating.exe
Infected with: Trojan.Delf.Inject.F
C:\WINDOWS\system32\WinUpdating.exe
Disinfection failed
C:\WINDOWS\system32\WinUpdating.exe
Deleted
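The BitDefender log above was run against upload_moi_RETD.tar.gz, the archive that packed the ComboFix quarantine (qoobox/Quarantine, including VundoFix's .bad.vir backups and the _OTMoveIt moves) for upload. Almost every "Infected with:" line is therefore a re-detection of a sample that had already been taken out of circulation, and the "Deleted" / "Updated" pairs record the scanner removing members from inside the tar and rewriting the containers. Only the last two findings have no "=>" in their path and sit on the live filesystem: C:\WINDOWS\system32\NTSpool.exe (Worm.P2P.Agent.N) and C:\WINDOWS\system32\WinUpdating.exe (Trojan.Delf.Inject.F); both also appear as packed copies inside the tar. The Python below is an added example, not something posted in the thread and not code from any of the tools named here: it parses this path/status line-pair format and splits the findings into live hits, quarantine re-hits and packed copies. The sample lines are constructed in the same format, abridged from the log.

```python
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample in the BitDefender log's line-pair format: a path line, then
# one status line. "=>" marks nesting inside an archive. Paths are abridged from
# the thread, not a verbatim copy of the posted log.
SAMPLE_LOG = r"""
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/55d.exe.bad.vir
Infected with: Trojan.Vundo.DZA
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/VundoFix Backups/55d.exe.bad.vir
Deleted
C:\upload_moi_RETD.tar.gz=>upload_moi.tar
Updated
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>WINDOWS/System32/NTSpool.exe
Infected with: Worm.P2P.Agent.N
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>WINDOWS/System32/NTSpool.exe
Disinfection failed
C:\upload_moi_RETD.tar.gz=>upload_moi.tar=>WINDOWS/System32/NTSpool.exe
Deleted
C:\upload_moi_RETD.tar.gz
Updated
C:\WINDOWS\system32\NTSpool.exe
Infected with: Worm.P2P.Agent.N
C:\WINDOWS\system32\NTSpool.exe
Disinfection failed
C:\WINDOWS\system32\NTSpool.exe
Deleted
"""

ARCHIVE_SEP = "=>"
INFECTED = "Infected with: "


@dataclass
class Finding:
    path: str                                    # path as logged; "=>" marks archive nesting
    detection: str                               # name following "Infected with: "
    actions: list = field(default_factory=list)  # later status lines for the same path

    @property
    def nested(self) -> bool:
        """Hit is inside an uploaded archive, not on the running filesystem."""
        return ARCHIVE_SEP in self.path

    @property
    def already_quarantined(self) -> bool:
        """ComboFix/VundoFix quarantine copies (.vir, .bad.vir, qoobox/Quarantine):
        re-detecting them is expected and says nothing about a live infection."""
        p = self.path.lower()
        return "/quarantine/" in p or p.endswith(".vir")


def parse_log(text: str) -> list:
    """Parse path/status line pairs into Findings, in first-seen order."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 2:
        raise ValueError("expected path/status line pairs")
    findings = {}
    for path, status in zip(lines[0::2], lines[1::2]):
        if status.startswith(INFECTED):
            findings[path] = Finding(path, status[len(INFECTED):])
        elif status == "Updated":
            continue  # container rewritten after a member was deleted; nothing to triage
        elif path in findings:
            findings[path].actions.append(status)
        else:
            raise ValueError(f"{status!r} for a path never reported infected: {path!r}")
    return list(findings.values())


def summarize(findings: list) -> dict:
    """Split findings into what matters for the live machine and what is archive noise."""
    return {
        "live": [f.path for f in findings if not f.nested],
        "quarantine_rehits": [f.path for f in findings if f.nested and f.already_quarantined],
        "packed_copies": [f.path for f in findings if f.nested and not f.already_quarantined],
        "by_detection": dict(Counter(f.detection for f in findings)),
        # a "Disinfection failed" that is not followed by "Deleted" still needs manual work
        "unresolved": [f.path for f in findings if not f.actions or f.actions[-1] != "Deleted"],
    }


if __name__ == "__main__":
    for bucket, paths in summarize(parse_log(SAMPLE_LOG)).items():
        print(f"{bucket}: {paths}")
```

Running it prints the five buckets. The "unresolved" bucket is empty here because every "Disinfection failed" is followed by "Deleted"; that is the pair worth checking before trusting a scanner that reported a failure first, and the "live" bucket is the short list the helper actually has to act on.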
coc83
Posts
28
Registration date
Thursday 14 February 2008
Status
Member
Last activity
25 March 2008
17 March 2008 at 10:39
And a little HijackThis report!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:15, on 17/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\SAV\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\flexlm\lmgrd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SAV\Rtvscan.exe
C:\flexlm\SW_D.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\SAV\VPTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Solidworks 2007\sldworks.exe
C:\DOCUME~1\R&D\LOCALS~1\Temp\SolidWorksLicTemp.0001
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Tribook.Net\Tribook.Net.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\EasyPHP1-8\easyphp.exe
C:\PROGRA~1\EASYPH~1\Apache\apache.exe
C:\PROGRA~1\EASYPH~1\Apache\apache.exe
C:\PROGRA~1\EASYPH~1\MySql\bin\mysqld.exe
C:\Program Files\eMule\emule.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SAV\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [708c159f] rundll32.exe "C:\WINDOWS\system32\qmmcrvrd.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinPrint.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: tuvtrro - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\SAV\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: Service de repérage Symantec System Center (NSCTOP) - Symantec Corporation - C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SolidWorks SolidNetWork License Manager - Macrovision Corporation - C:\flexlm\lmgrd.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\SAV\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Service de repérage Symantec System Center (NSCTOP) - Symantec Corporation - C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SolidWorks SolidNetWork License Manager - Macrovision Corporation - C:\flexlm\lmgrd.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\SAV\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Re,
Download OAD (Outil d'Aide au Diagnostic) < http://sosvirus.changelog.fr/OAD.exe >
→ Save it to your desktop
→ Run 'OAD.exe' by double-clicking the file
→ Enter the value to search for -> ' qmmcrvrd.dll ' (copy and paste it)
→ Search type: select option 6, then press [Enter]
→ OAD will now search for the file.
→ Let it work until it has finished.
→ Depending on the size of the hard drives, this search can take several minutes.
------------- Please wait. --------------
→ The search report will open automatically once it has finished.
→ Copy and paste that report into your next post.
Note: some antivirus programs may raise an alert when downloading/running it > ignore it
Do it again with tuvtrro
coc83, 18 March 2008 at 09:17
Unfortunately, as last time, OAD doesn't run. I just get a window that opens for a fraction of a second after double-clicking OAD.exe, but it closes very quickly and nothing happens...
coc83, 19 March 2008 at 13:45
ComboFix scan report:
ComboFix 08-03-18.1 - R&D 2008-03-19 12:35:18.5 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1316 [GMT 1:00]
Endroit: C:\Documents and Settings\R&D\Bureau\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-19 to 2008-03-19 ))))))))))))))))))))))))))))))))))))
.
2008-03-14 10:52 . 2008-03-19 11:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-13 09:50 . 2008-03-13 09:52 <REP> d-------- C:\Program Files\EasyPHP1-8
2008-03-10 18:05 . 2008-03-12 16:42 19,108,045 --a------ C:\upload_moi_RETD.tar.gz
2008-03-10 14:28 . 2008-03-10 14:28 <REP> d-------- C:\Program Files\Bonjour
2008-03-10 14:21 . 2008-03-10 14:21 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-03-10 11:22 . 2008-03-10 11:39 <REP> d-------- C:\Program Files\PhotoFiltre
2008-03-10 09:13 . 2008-03-10 09:13 <REP> d-------- C:\Program Files\CleanUp!
2008-03-07 10:30 . 2008-03-07 10:30 <REP> d-------- C:\Documents and Settings\R&D\Application Data\DassaultSystemes
2008-03-07 10:30 . 2008-03-07 10:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
2008-03-06 13:41 . 2007-04-25 12:26 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-03-06 13:41 . 2007-04-25 12:26 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-03-06 13:41 . 2007-04-25 10:38 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-03-06 13:41 . 2007-04-25 12:26 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-03-06 13:41 . 2007-04-25 12:26 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-03-06 13:41 . 2007-04-25 12:26 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-03-06 13:41 . 2008-03-06 13:50 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-03-05 17:06 . 2008-03-05 17:06 <REP> d-------- C:\Program Files\Fichiers communs\eDrawings2008
2008-02-28 18:31 . 2008-02-28 18:31 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-28 12:15 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-28 12:15 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-28 12:15 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-27 10:41 . 2008-02-27 10:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-27 10:41 . 2008-02-27 10:41 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-27 09:32 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-02-27 09:31 . 2008-02-27 09:31 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-27 09:13 . 2008-02-28 18:31 <REP> d-------- C:\Program Files\Windows Live
2008-02-27 09:13 . 2008-02-27 09:30 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-27 09:13 . 2008-02-27 09:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-19 11:42 --------- d-----w C:\Program Files\SAV
2008-03-19 11:23 --------- d-----w C:\Documents and Settings\R&D\Application Data\SolidWorks
2008-03-19 09:45 --------- d-----w C:\Program Files\eMule
2008-03-14 13:29 --------- d-----w C:\Documents and Settings\R&D\Application Data\AdobeUM
2008-03-14 09:54 --------- d-----w C:\Program Files\Google
2008-03-13 08:50 --------- d-----w C:\Program Files\Tribook.Net
2008-03-10 13:28 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-10 08:32 --------- d-----w C:\Program Files\Java
2008-03-05 16:06 --------- d-----w C:\Program Files\AutoCAD 2006
2008-03-05 09:06 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-13 12:43 --------- d-----w C:\Program Files\Solidworks 2007
2008-02-13 11:34 --------- d-----w C:\Documents and Settings\R&D\Application Data\Grisoft
2008-02-13 11:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-11 09:25 --------- d-----w C:\Program Files\QuickTime
2008-02-11 09:22 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-02-11 09:20 --------- d-----w C:\Program Files\Fichiers communs\SmartCom
2008-02-11 09:16 --------- d-----w C:\Program Files\Fichiers communs\Autodesk Shared
2008-02-07 15:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-02-05 15:38 --------- d-----w C:\Program Files\Fichiers communs\SolidWorks Shared
2008-02-05 11:03 --------- d-----w C:\Program Files\Trend Micro
2008-02-04 12:38 --------- d-----w C:\Documents and Settings\R&D\Application Data\Autodesk
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-31 16:19 --------- d-----w C:\Program Files\SmartCom
2008-01-31 11:14 --------- d-----w C:\Program Files\Autodesk
2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 11:00 15360]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 13:11 3497984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-03-19 06:15 7634944]
"nwiz"="nwiz.exe" [2007-03-19 06:15 1622016 C:\WINDOWS\system32\nwiz.exe]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 15:00 282624 C:\WINDOWS\stsystra.exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2005-11-16 12:23 48800]
"vptray"="C:\PROGRA~1\SAV\VPTray.exe" [2005-12-27 08:20 85648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-08 23:02 919280]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-03-19 06:15 86016]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-21 11:34 185896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"708c159f"="C:\WINDOWS\system32\qmmcrvrd.dll" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 11:00 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"Windows Printing Driver"= WinPrint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvtrro]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys [2003-04-27 11:39]
R0 WPXT;WinPcap Packet Driver (WPXT);C:\WINDOWS\system32\drivers\WPXT.sys [2007-07-17 09:22]
R2 SolidWorks SolidNetWork License Manager;SolidWorks SolidNetWork License Manager;C:\flexlm\lmgrd.exe [2003-03-26 08:00]
R3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys [2003-04-27 10:43]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys [2005-10-20 14:50]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a98b4298-f311-11db-b56e-a888e35ac908}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL PFW.pif
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-13 20:26:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 12:41:28
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\SAV\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SAV\Rtvscan.exe
C:\flexlm\SW_D.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-19 12:45:50 - machine was rebooted [R&D]
ComboFix-quarantined-files.txt 2008-03-19 11:45:47
ComboFix2.txt 2008-03-05 16:17:44
ComboFix3.txt 2008-03-05 13:12:53
ComboFix4.txt 2008-03-05 09:10:11
ComboFix5.txt 2008-02-12 16:10:14
.
2008-03-12 17:41:28 --- E O F ---
Re,
Open Notepad (Start\All Programs\Accessories\Notepad).
Copy this text (in bold) in one go (CTRL+C to copy), then paste it into Notepad (CTRL+V):
File::
C:\WINDOWS\system32\qmmcrvrd.dll
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"708c159f"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvtrro]
Save this file to your desktop under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:
http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif
This will relaunch Combofix.
A blue window will appear; at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.
Wait while the scan runs. The desktop will disappear several times: that's normal!
Don't touch anything until the scan has finished.
After the reboot, post the contents of the Combofix.txt report together with a Hijackthis report.
If there is no reboot, post the reports anyway.
A+
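As an added example that is not part of this thread, here is how the triage the helper did by hand can be scripted: it reads the registry loading-points section of a ComboFix report (the sample is built from the report posted above), flags the two entries that stand out (a Run value with an empty file-metadata bracket and a Winlogon Notify subkey that ComboFix listed), and drafts a CFScript in the same File::/Registry:: syntax. The function names `triage` and `build_cfscript` and the heuristics are my own choices; the output is a draft for a person to review, not something to run unread.

```python
"""Triage the registry loading points of a ComboFix report and draft a CFScript.

ComboFix does not list empty or known-good entries, so every loading point it
prints deserves a look.  Two signs stand out in the report above: a Run value
whose trailing metadata bracket is empty ("[ ]": ComboFix could not read the
file) and a Winlogon Notify subkey that ComboFix chose to list.  Everything
flagged here is a candidate for a human to confirm, not a verdict.
"""
import re

# Constructed sample: lines copied from the "Point de chargement Reg" section
# of the ComboFix report posted in this thread.
SAMPLE_REPORT = r"""
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 11:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2005-11-16 12:23 48800]
"708c159f"="C:\WINDOWS\system32\qmmcrvrd.dll" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvtrro]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# "name"="path" [metadata]; the bracket is empty when ComboFix could not stat the file.
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
HEX_NAME_RE = re.compile(r'^[0-9a-f]{8}$', re.IGNORECASE)


def triage(report):
    """Return (findings, cfscript) for the registry section of a ComboFix report."""
    findings = []
    files = []           # File:: section of the draft CFScript
    value_deletes = {}   # key -> value names to delete ("name"=-)
    key_deletes = []     # keys to delete ([-key])
    current_key = None
    for raw in report.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group('key')
            if '\\winlogon\\notify\\' in current_key.lower():
                findings.append('Winlogon Notify subkey listed by ComboFix: ' + current_key)
                key_deletes.append(current_key)
            continue
        if current_key is None:
            continue
        lower_key = current_key.lower()
        m = RUN_RE.match(line)
        if m and lower_key.endswith('\\currentversion\\run'):
            name, path, meta = m.group('name', 'path', 'meta')
            reasons = []
            if not meta.strip():
                reasons.append('no file metadata (file missing or unreadable)')
            if HEX_NAME_RE.match(name):
                reasons.append('random-looking 8-hex-digit value name')
            if reasons:
                findings.append('Run value "%s" -> %s: %s' % (name, path, '; '.join(reasons)))
                value_deletes.setdefault(current_key, []).append(name)
                if path:
                    files.append(path)
            continue
        # Security Center / firewall state: informational, often legitimate when a
        # third-party suite (here Symantec and ZoneAlarm) owns these settings.
        if 'security center' in lower_key and line.startswith('"DisableMonitoring"=dword:00000001'):
            findings.append('Security Center monitoring disabled: ' + current_key + ' (confirm)')
        if 'firewallpolicy' in lower_key and line.startswith('"EnableFirewall"= 0'):
            findings.append('Windows Firewall disabled: ' + current_key + ' (confirm)')
    return findings, build_cfscript(files, value_deletes, key_deletes)


def build_cfscript(files, value_deletes, key_deletes):
    """Render the CFScript syntax used in the thread: File:: paths, then
    Registry:: with regedit-style "name"=- (delete value) and [-key] (delete key)."""
    out = []
    if files:
        out.append('File::')
        out.extend(files)
        out.append('')
    if value_deletes or key_deletes:
        out.append('Registry::')
        for key, names in value_deletes.items():
            out.append('[%s]' % key)
            out.extend('"%s"=-' % n for n in names)
        out.extend('[-%s]' % k for k in key_deletes)
    return '\n'.join(out)


if __name__ == '__main__':
    found, script = triage(SAMPLE_REPORT)
    for item in found:
        print('*', item)
    print('\nDraft CFScript (review before use):')
    print(script)
```

Run against the sample, the draft reproduces the helper's script above line for line, while the two Security Center findings are reported but deliberately left out of the script because a third-party suite can set them legitimately.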
coc83, 19 March 2008 at 18:47
New short report and ComboFix:
ComboFix 08-03-18.1 - R&D 2008-03-19 18:37:44.6 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1128 [GMT 1:00]
Endroit: C:\Documents and Settings\R&D\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\R&D\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
FILE ::
C:\WINDOWS\system32\qmmcrvrd.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-19 to 2008-03-19 ))))))))))))))))))))))))))))))))))))
.
2008-03-14 10:52 . 2008-03-19 11:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-13 09:50 . 2008-03-13 09:52 <REP> d-------- C:\Program Files\EasyPHP1-8
2008-03-10 18:05 . 2008-03-12 16:42 19,108,045 --a------ C:\upload_moi_RETD.tar.gz
2008-03-10 14:28 . 2008-03-10 14:28 <REP> d-------- C:\Program Files\Bonjour
2008-03-10 14:21 . 2008-03-10 14:21 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-03-10 11:22 . 2008-03-10 11:39 <REP> d-------- C:\Program Files\PhotoFiltre
2008-03-10 09:13 . 2008-03-10 09:13 <REP> d-------- C:\Program Files\CleanUp!
2008-03-07 10:30 . 2008-03-07 10:30 <REP> d-------- C:\Documents and Settings\R&D\Application Data\DassaultSystemes
2008-03-07 10:30 . 2008-03-07 10:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
2008-03-06 13:41 . 2007-04-25 12:26 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-03-06 13:41 . 2007-04-25 12:26 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-03-06 13:41 . 2007-04-25 10:38 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-03-06 13:41 . 2007-04-25 12:26 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-03-06 13:41 . 2007-04-25 12:26 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-03-06 13:41 . 2007-04-25 12:26 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-03-06 13:41 . 2008-03-06 13:50 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-03-05 17:06 . 2008-03-05 17:06 <REP> d-------- C:\Program Files\Fichiers communs\eDrawings2008
2008-02-28 18:31 . 2008-02-28 18:31 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-28 12:15 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-28 12:15 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-28 12:15 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-27 10:41 . 2008-02-27 10:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-27 10:41 . 2008-02-27 10:41 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-27 09:32 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-02-27 09:31 . 2008-02-27 09:31 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-27 09:13 . 2008-02-28 18:31 <REP> d-------- C:\Program Files\Windows Live
2008-02-27 09:13 . 2008-02-27 09:30 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-27 09:13 . 2008-02-27 09:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-19 13:02 --------- d-----w C:\Documents and Settings\R&D\Application Data\SolidWorks
2008-03-19 12:47 --------- d-----w C:\Program Files\eMule
2008-03-19 12:43 --------- d-----w C:\Program Files\SAV
2008-03-14 13:29 --------- d-----w C:\Documents and Settings\R&D\Application Data\AdobeUM
2008-03-14 09:54 --------- d-----w C:\Program Files\Google
2008-03-13 08:50 --------- d-----w C:\Program Files\Tribook.Net
2008-03-10 13:28 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-10 08:32 --------- d-----w C:\Program Files\Java
2008-03-05 16:06 --------- d-----w C:\Program Files\AutoCAD 2006
2008-03-05 09:06 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-04 17:02 1,953,792 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-02-13 12:43 --------- d-----w C:\Program Files\Solidworks 2007
2008-02-13 11:34 --------- d-----w C:\Documents and Settings\R&D\Application Data\Grisoft
2008-02-13 11:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-11 09:25 --------- d-----w C:\Program Files\QuickTime
2008-02-11 09:22 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-02-11 09:20 --------- d-----w C:\Program Files\Fichiers communs\SmartCom
2008-02-11 09:16 --------- d-----w C:\Program Files\Fichiers communs\Autodesk Shared
2008-02-08 15:23 5,636,096 ----a-w C:\WINDOWS\system32\7A7.tmp
2008-02-07 15:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-02-05 15:38 --------- d-----w C:\Program Files\Fichiers communs\SolidWorks Shared
2008-02-05 11:03 --------- d-----w C:\Program Files\Trend Micro
2008-02-04 12:38 --------- d-----w C:\Documents and Settings\R&D\Application Data\Autodesk
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-31 16:19 --------- d-----w C:\Program Files\SmartCom
2008-01-31 11:14 --------- d-----w C:\Program Files\Autodesk
2008-01-30 15:55 37,888 ----a-w C:\WINDOWS\system32\rar.exe
2008-01-30 08:07 121,824 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_01_29_17_40_31_small.dmp.zip
2008-01-23 08:05 120,645 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_01_22_16_44_02_small.dmp.zip
2008-01-14 08:05 2,698,399 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-04 15:02 16,689,716 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_10_04_16_59_51_full.dmp.zip
2007-10-04 15:01 120,132 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_10_04_16_59_32_small.dmp.zip
2007-07-24 15:51 1,496,064 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2007-07-19 14:00 1,443,328 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2007-07-19 13:58 1,443,328 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2007-07-19 13:56 1,444,352 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2001-01-23 11:34 371,693 ----a-w C:\WINDOWS\Fonts\Adobe Font Folio 9\Adobe.Font.Folio.v8.0.Reg.File.Fix-SHOCK\shkffreg.zip
2001-01-23 11:34 371,693 ----a-w C:\WINDOWS\Fonts\Adobe Font Folio 9\Adobe Font Folio 9\Adobe.Font.Folio.v8.0.Reg.File.Fix-SHOCK\shkffreg.zip
1997-10-15 12:39 8,192 ----a-w C:\WINDOWS\Fonts\Adobe Font Folio 9\atm_NT\_isdel.exe
1997-10-15 12:39 8,192 ----a-w C:\WINDOWS\Fonts\Adobe Font Folio 9\Adobe Font Folio 9\atm_NT\_isdel.exe
1997-10-15 12:39 6,128 ----a-w C:\WINDOWS\Fonts\Adobe Font Folio 9\atm_NT\_setup.dll
1997-10-15 12:39 6,128 ----a-w C:\WINDOWS\Fonts\Adobe Font Folio 9\Adobe Font Folio 9\atm_NT\_setup.dll
1997-10-15 12:39 44,928 ----a-w C:\WINDOWS\Fonts\Adobe Font Folio 9\atm_NT\setup.exe
1997-10-15 12:39 44,928 ----a-w C:\WINDOWS\Fonts\Adobe Font Folio 9\Adobe Font Folio 9\atm_NT\setup.exe
1996-06-24 02:00 65,200 ----a-w C:\WINDOWS\Fonts\Adobe Font Folio 9\atm_NT\REGISTER.EXE
1996-06-24 02:00 65,200 ----a-w C:\WINDOWS\Fonts\Adobe Font Folio 9\Adobe Font Folio 9\atm_NT\REGISTER.EXE
1996-06-24 02:00 34,672 ----a-w C:\WINDOWS\Fonts\Adobe Font Folio 9\atm_NT\SSLIB.DLL
1996-06-24 02:00 34,672 ----a-w C:\WINDOWS\Fonts\Adobe Font Folio 9\Adobe Font Folio 9\atm_NT\SSLIB.DLL
1996-06-24 02:00 270,400 ----a-w C:\WINDOWS\Fonts\Adobe Font Folio 9\atm_95\INSTALL.EXE
1996-06-24 02:00 270,400 ----a-w C:\WINDOWS\Fonts\Adobe Font Folio 9\Adobe Font Folio 9\atm_95\INSTALL.EXE
1996-06-24 02:00 20,208 ----a-w C:\WINDOWS\Fonts\Adobe Font Folio 9\atm_NT\CRAMAPI.DLL
1996-06-24 02:00 20,208 ----a-w C:\WINDOWS\Fonts\Adobe Font Folio 9\Adobe Font Folio 9\atm_NT\CRAMAPI.DLL
1996-06-24 02:00 193,536 ----a-w C:\WINDOWS\Fonts\Adobe Font Folio 9\atm_NT\PIPELINE.DLL
1996-06-24 02:00 193,536 ----a-w C:\WINDOWS\Fonts\Adobe Font Folio 9\Adobe Font Folio 9\atm_NT\PIPELINE.DLL
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 11:00 15360]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 13:11 3497984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-03-19 06:15 7634944]
"nwiz"="nwiz.exe" [2007-03-19 06:15 1622016 C:\WINDOWS\system32\nwiz.exe]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 15:00 282624 C:\WINDOWS\stsystra.exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2005-11-16 12:23 48800]
"vptray"="C:\PROGRA~1\SAV\VPTray.exe" [2005-12-27 08:20 85648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-08 23:02 919280]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-03-19 06:15 86016]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-21 11:34 185896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 11:00 15360]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Assistant d'Acrobat.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50 217193]
AutoCAD Startup Accelerator.lnk - C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe [2005-03-05 20:18:22 10872]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-20 18:15:56 65588]
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-14 10:52:53 125624]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"Windows Printing Driver"= WinPrint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys [2003-04-27 11:39]
R0 WPXT;WinPcap Packet Driver (WPXT);C:\WINDOWS\system32\drivers\WPXT.sys [2007-07-17 09:22]
R2 SolidWorks SolidNetWork License Manager;SolidWorks SolidNetWork License Manager;C:\flexlm\lmgrd.exe [2003-03-26 08:00]
R3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys [2003-04-27 10:43]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys [2005-10-20 14:50]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a98b4298-f311-11db-b56e-a888e35ac908}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL PFW.pif
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-13 20:26:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 18:41:44
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-03-19 18:42:22
ComboFix-quarantined-files.txt 2008-03-19 17:42:19
ComboFix2.txt 2008-03-19 11:45:51
ComboFix3.txt 2008-03-05 16:17:44
ComboFix4.txt 2008-03-05 13:12:53
ComboFix5.txt 2008-03-05 09:10:11
.
2008-03-12 17:41:28 --- E O F ---
And HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:47:38, on 19/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\SAV\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\flexlm\lmgrd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SAV\Rtvscan.exe
C:\flexlm\SW_D.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\SAV\VPTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Solidworks 2007\sldworks.exe
C:\DOCUME~1\R&D\LOCALS~1\Temp\SolidWorksLicTemp.0001
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SAV\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinPrint.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\SAV\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: Service de repérage Symantec System Center (NSCTOP) - Symantec Corporation - C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SolidWorks SolidNetWork License Manager - Macrovision Corporation - C:\flexlm\lmgrd.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\SAV\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
ComboFix 08-03-18.1 - R&D 2008-03-19 18:37:44.6 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1128 [GMT 1:00]
Endroit: C:\Documents and Settings\R&D\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\R&D\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
FILE ::
C:\WINDOWS\system32\qmmcrvrd.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-19 to 2008-03-19 ))))))))))))))))))))))))))))))))))))
.
2008-03-14 10:52 . 2008-03-19 11:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-13 09:50 . 2008-03-13 09:52 <REP> d-------- C:\Program Files\EasyPHP1-8
2008-03-10 18:05 . 2008-03-12 16:42 19,108,045 --a------ C:\upload_moi_RETD.tar.gz
2008-03-10 14:28 . 2008-03-10 14:28 <REP> d-------- C:\Program Files\Bonjour
2008-03-10 14:21 . 2008-03-10 14:21 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-03-10 11:22 . 2008-03-10 11:39 <REP> d-------- C:\Program Files\PhotoFiltre
2008-03-10 09:13 . 2008-03-10 09:13 <REP> d-------- C:\Program Files\CleanUp!
2008-03-07 10:30 . 2008-03-07 10:30 <REP> d-------- C:\Documents and Settings\R&D\Application Data\DassaultSystemes
2008-03-07 10:30 . 2008-03-07 10:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
2008-03-06 13:41 . 2007-04-25 12:26 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-03-06 13:41 . 2007-04-25 12:26 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-03-06 13:41 . 2007-04-25 10:38 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-03-06 13:41 . 2007-04-25 12:26 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-03-06 13:41 . 2007-04-25 12:26 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-03-06 13:41 . 2007-04-25 12:26 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-03-06 13:41 . 2008-03-06 13:50 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-03-05 17:06 . 2008-03-05 17:06 <REP> d-------- C:\Program Files\Fichiers communs\eDrawings2008
2008-02-28 18:31 . 2008-02-28 18:31 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-28 12:15 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-28 12:15 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-28 12:15 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-27 10:41 . 2008-02-27 10:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-27 10:41 . 2008-02-27 10:41 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-27 09:32 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-02-27 09:31 . 2008-02-27 09:31 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-27 09:13 . 2008-02-28 18:31 <REP> d-------- C:\Program Files\Windows Live
2008-02-27 09:13 . 2008-02-27 09:30 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-27 09:13 . 2008-02-27 09:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-19 13:02 --------- d-----w C:\Documents and Settings\R&D\Application Data\SolidWorks
2008-03-19 12:47 --------- d-----w C:\Program Files\eMule
2008-03-19 12:43 --------- d-----w C:\Program Files\SAV
2008-03-14 13:29 --------- d-----w C:\Documents and Settings\R&D\Application Data\AdobeUM
2008-03-14 09:54 --------- d-----w C:\Program Files\Google
2008-03-13 08:50 --------- d-----w C:\Program Files\Tribook.Net
2008-03-10 13:28 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-10 08:32 --------- d-----w C:\Program Files\Java
2008-03-05 16:06 --------- d-----w C:\Program Files\AutoCAD 2006
2008-03-05 09:06 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-04 17:02 1,953,792 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-02-13 12:43 --------- d-----w C:\Program Files\Solidworks 2007
2008-02-13 11:34 --------- d-----w C:\Documents and Settings\R&D\Application Data\Grisoft
2008-02-13 11:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-11 09:25 --------- d-----w C:\Program Files\QuickTime
2008-02-11 09:22 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-02-11 09:20 --------- d-----w C:\Program Files\Fichiers communs\SmartCom
2008-02-11 09:16 --------- d-----w C:\Program Files\Fichiers communs\Autodesk Shared
2008-02-08 15:23 5,636,096 ----a-w C:\WINDOWS\system32\7A7.tmp
2008-02-07 15:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-02-05 15:38 --------- d-----w C:\Program Files\Fichiers communs\SolidWorks Shared
2008-02-05 11:03 --------- d-----w C:\Program Files\Trend Micro
2008-02-04 12:38 --------- d-----w C:\Documents and Settings\R&D\Application Data\Autodesk
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-31 16:19 --------- d-----w C:\Program Files\SmartCom
2008-01-31 11:14 --------- d-----w C:\Program Files\Autodesk
2008-01-30 15:55 37,888 ----a-w C:\WINDOWS\system32\rar.exe
2008-01-30 08:07 121,824 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_01_29_17_40_31_small.dmp.zip
2008-01-23 08:05 120,645 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_01_22_16_44_02_small.dmp.zip
2008-01-14 08:05 2,698,399 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-04 15:02 16,689,716 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_10_04_16_59_51_full.dmp.zip
2007-10-04 15:01 120,132 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_10_04_16_59_32_small.dmp.zip
2007-07-24 15:51 1,496,064 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2007-07-19 14:00 1,443,328 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2007-07-19 13:58 1,443,328 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2007-07-19 13:56 1,444,352 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2001-01-23 11:34 371,693 ----a-w C:\WINDOWS\Fonts\Adobe Font Folio 9\Adobe.Font.Folio.v8.0.Reg.File.Fix-SHOCK\shkffreg.zip
2001-01-23 11:34 371,693 ----a-w C:\WINDOWS\Fonts\Adobe Font Folio 9\Adobe Font Folio 9\Adobe.Font.Folio.v8.0.Reg.File.Fix-SHOCK\shkffreg.zip
1997-10-15 12:39 8,192 ----a-w C:\WINDOWS\Fonts\Adobe Font Folio 9\atm_NT\_isdel.exe
1997-10-15 12:39 8,192 ----a-w C:\WINDOWS\Fonts\Adobe Font Folio 9\Adobe Font Folio 9\atm_NT\_isdel.exe
1997-10-15 12:39 6,128 ----a-w C:\WINDOWS\Fonts\Adobe Font Folio 9\atm_NT\_setup.dll
1997-10-15 12:39 6,128 ----a-w C:\WINDOWS\Fonts\Adobe Font Folio 9\Adobe Font Folio 9\atm_NT\_setup.dll
1997-10-15 12:39 44,928 ----a-w C:\WINDOWS\Fonts\Adobe Font Folio 9\atm_NT\setup.exe
1997-10-15 12:39 44,928 ----a-w C:\WINDOWS\Fonts\Adobe Font Folio 9\Adobe Font Folio 9\atm_NT\setup.exe
1996-06-24 02:00 65,200 ----a-w C:\WINDOWS\Fonts\Adobe Font Folio 9\atm_NT\REGISTER.EXE
1996-06-24 02:00 65,200 ----a-w C:\WINDOWS\Fonts\Adobe Font Folio 9\Adobe Font Folio 9\atm_NT\REGISTER.EXE
1996-06-24 02:00 34,672 ----a-w C:\WINDOWS\Fonts\Adobe Font Folio 9\atm_NT\SSLIB.DLL
1996-06-24 02:00 34,672 ----a-w C:\WINDOWS\Fonts\Adobe Font Folio 9\Adobe Font Folio 9\atm_NT\SSLIB.DLL
1996-06-24 02:00 270,400 ----a-w C:\WINDOWS\Fonts\Adobe Font Folio 9\atm_95\INSTALL.EXE
1996-06-24 02:00 270,400 ----a-w C:\WINDOWS\Fonts\Adobe Font Folio 9\Adobe Font Folio 9\atm_95\INSTALL.EXE
1996-06-24 02:00 20,208 ----a-w C:\WINDOWS\Fonts\Adobe Font Folio 9\atm_NT\CRAMAPI.DLL
1996-06-24 02:00 20,208 ----a-w C:\WINDOWS\Fonts\Adobe Font Folio 9\Adobe Font Folio 9\atm_NT\CRAMAPI.DLL
1996-06-24 02:00 193,536 ----a-w C:\WINDOWS\Fonts\Adobe Font Folio 9\atm_NT\PIPELINE.DLL
1996-06-24 02:00 193,536 ----a-w C:\WINDOWS\Fonts\Adobe Font Folio 9\Adobe Font Folio 9\atm_NT\PIPELINE.DLL
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 11:00 15360]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 13:11 3497984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-03-19 06:15 7634944]
"nwiz"="nwiz.exe" [2007-03-19 06:15 1622016 C:\WINDOWS\system32\nwiz.exe]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 15:00 282624 C:\WINDOWS\stsystra.exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2005-11-16 12:23 48800]
"vptray"="C:\PROGRA~1\SAV\VPTray.exe" [2005-12-27 08:20 85648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-08 23:02 919280]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-03-19 06:15 86016]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-21 11:34 185896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 11:00 15360]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Assistant d'Acrobat.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50 217193]
AutoCAD Startup Accelerator.lnk - C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe [2005-03-05 20:18:22 10872]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-20 18:15:56 65588]
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-14 10:52:53 125624]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"Windows Printing Driver"= WinPrint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys [2003-04-27 11:39]
R0 WPXT;WinPcap Packet Driver (WPXT);C:\WINDOWS\system32\drivers\WPXT.sys [2007-07-17 09:22]
R2 SolidWorks SolidNetWork License Manager;SolidWorks SolidNetWork License Manager;C:\flexlm\lmgrd.exe [2003-03-26 08:00]
R3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys [2003-04-27 10:43]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys [2005-10-20 14:50]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a98b4298-f311-11db-b56e-a888e35ac908}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL PFW.pif
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-13 20:26:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 18:41:44
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-03-19 18:42:22
ComboFix-quarantined-files.txt 2008-03-19 17:42:19
ComboFix2.txt 2008-03-19 11:45:51
ComboFix3.txt 2008-03-05 16:17:44
ComboFix4.txt 2008-03-05 13:12:53
ComboFix5.txt 2008-03-05 09:10:11
.
2008-03-12 17:41:28 --- E O F ---
And HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:47:38, on 19/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\SAV\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\flexlm\lmgrd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SAV\Rtvscan.exe
C:\flexlm\SW_D.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\SAV\VPTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Solidworks 2007\sldworks.exe
C:\DOCUME~1\R&D\LOCALS~1\Temp\SolidWorksLicTemp.0001
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SAV\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinPrint.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\SAV\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: Service de repérage Symantec System Center (NSCTOP) - Symantec Corporation - C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SolidWorks SolidNetWork License Manager - Macrovision Corporation - C:\flexlm\lmgrd.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\SAV\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Re!
Close all running applications, then download ToolsCleaner2 to your Desktop.
# Double-click ToolsCleaner2.exe >
# Click "Recherche" (search)
# then "Suppression" (delete) once the list has been found.
# Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).
# Note: your desktop MAY disappear; that is normal. If it has not come back at the end of the scan, do the following:
CTRL+ALT+DEL to open Task Manager.
Then go to the "Processes" tab. Click "File" at the top left and choose "Run".
Type explorer.exe and confirm. That will bring the Desktop back.
Tutorial: http://www.commentcamarche.net/faq/sujet 8341 toolscleaner suppression des fix de force brute (thanks espion3004)
*******************************
Now that your PC is no longer infected, disable "System Restore" and then re-enable it, which creates a clean restore point...
Disabling:
Right-click "My Computer" > Properties > "System Restore" tab > tick "Turn off System Restore on all drives"
> Apply, wait until it shows "disabled", then OK.
Enabling:
Same path; untick "Turn off System Restore on all drives"
> Apply, wait until it is back to "monitoring", then OK. Restart the computer.
*****************************
Download Spybot (-> passive scan + resident protection)
+
Download SpywareGuard (this program complements Spybot very well)
+
Optionally SpywareBlaster
-------------Info-------------
This link explains what hackers are, their methods, how to counter them, and prevention (thanks espion3004)
*****************
Why secure my PC?
Trojan? =/
**************
See you =)
coc83, 20 March 2008 at 13:59
Thank you very much cyrildu17 for your skills and your patience! :-)
I was hoping we could reach the 100th reply, but that will be for another time...
I have installed all the software you recommended, hoping not to get caught again.
:-)
coc83, 20 March 2008 at 14:09
However, I can't find the button I'm supposed to click to mark the thread as "resolved", since I posted anonymously at the start...
Re, you're welcome =)
Above the topic there is normally an orange bar with the option to mark it as resolved..
No?
coc83, 25 March 2008 at 13:46
No, that's just it, I don't have the orange bar...
Hello,
I am completely desperate, I have been trying to remove these trojans from my computer for two days! I have tried everything: formatting = impossible, installing Spyware Doctor = impossible, I no longer have internet, the computer keeps crashing! It's a disaster!!! A thousand thanks in advance to whoever can help me!
Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:53:59, on 22/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WebMediaViewer\qttask.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\WebMediaViewer\qttaskm.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Sébastien Habillon\Application Data\U3\000018394773E8B1\LaunchPad.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dwwin.exe
C:\DOCUME~1\SBASTI~1\LOCALS~1\Temp\Rar$EX13.703\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.prevhomepage.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {10B294F2-F790-A3F0-54A6-6005D1C61B79} - C:\DOCUME~1\SBASTI~1\APPLIC~1\01JOY\COOLFACE.exe (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: 900053 helper - {94FEA8C1-0D9C-4D8D-A411-33DA3C2C567A} - C:\WINDOWS\system32\900053\900053.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [2 creative chin cake] C:\Documents and Settings\All Users\Application Data\1 proc 2 creative\sect ping.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sysftray2] C:\windows\bolivar30.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ViewMode] C:\DOCUME~1\SBASTI~1\APPLIC~1\ONCEDO~1\Inside Readme.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [iymaeyu] "c:\documents and settings\sébastien habillon\local settings\application data\iymaeyu.exe" iymaeyu
O4 - HKLM\..\Policies\Explorer\Run: [QuickTime Task] C:\Program Files\WebMediaViewer\qttask.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.servicemenutool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: Explorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.servicemenutool.com/redirect.php (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
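The two reports in this thread show the kind of lines a helper looks for before asking for a fix: in the ComboFix excerpt above, the Security Center "DisableMonitoring" keys, "EnableFirewall"= 0 and an AutoRun command bound to a mounted volume; in the HijackThis log just posted, an IE proxy on 127.0.0.1:9090, autostarts under Policies\Explorer\Run, executables with random names in the user profile and in C:\windows, a BHO in a numeric system32 subfolder, and hooks whose file is missing. The script below is an added example (not a tool any poster used, and not HijackThis logic) that encodes those indicators as regular-expression rules and runs them over a constructed sample made of abridged lines from the two logs. Rule names and thresholds are my own heuristics: a hit means "review this line", not a verdict.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines excerpted from the HijackThis and ComboFix
# reports posted in this thread (abridged; not the full logs).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090
O2 - BHO: (no name) - {10B294F2-F790-A3F0-54A6-6005D1C61B79} - C:\DOCUME~1\SBASTI~1\APPLIC~1\01JOY\COOLFACE.exe (file missing)
O2 - BHO: 900053 helper - {94FEA8C1-0D9C-4D8D-A411-33DA3C2C567A} - C:\WINDOWS\system32\900053\900053.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [sysftray2] C:\windows\bolivar30.exe
O4 - HKCU\..\Run: [iymaeyu] "c:\documents and settings\sébastien habillon\local settings\application data\iymaeyu.exe" iymaeyu
O4 - HKLM\..\Policies\Explorer\Run: [QuickTime Task] C:\Program Files\WebMediaViewer\qttask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.servicemenutool.com/redirect.php (file missing)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
"EnableFirewall"= 0 (0x0)
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL PFW.pif
"""

# Each rule: (name, rationale, regex). Heuristics of my own, not HijackThis logic:
# every hit is a line to review, not a verdict.
RULES = [(n, w, re.compile(p, re.IGNORECASE)) for n, w, p in [
    ("proxy-localhost", "IE routed through a local port: traffic interception/redirection",
     r"^R1 - .*ProxyServer = .*127\.0\.0\.1"),
    ("policies-explorer-run", "autostart under Policies\\Explorer\\Run, rarely used by legitimate software",
     r"^O4 - .*\\Policies\\Explorer\\Run:"),
    ("autostart-user-profile", "autostart or BHO loaded from the user profile / Temp",
     r"^O[24] - .*(docume~1|documents and settings|application data|\\temp\\).*\.(exe|dll|pif|scr)"),
    ("autostart-windows-root", "executable dropped directly in the Windows directory",
     r"^O4 - .*:\\windows\\[^\\]+\.exe"),
    ("numeric-dir-system32", "random numeric directory under system32",
     r"system32\\\d{4,}\\"),
    ("missing-file-hook", "hook whose file is gone: leftover of a removed or hidden component",
     r"\((no file|file missing)\)"),
    ("ie-button-url", "IE button/menu item pointing at a URL instead of a local DLL",
     r"^O9 - .* - https?://"),
    ("security-center-muted", "Security Center told to stop monitoring the AV/firewall",
     r'"DisableMonitoring"=dword:0*1'),
    ("firewall-disabled", "Windows Firewall standard profile disabled",
     r'"EnableFirewall"= ?0\b'),
    ("volume-autorun", "AutoRun command bound to a mounted volume (USB worm pattern)",
     r"\\Shell\\AutoRun\\command"),
]]


def triage(log_text):
    """Return a list of (rule_name, line) for every rule that matches a non-blank line.
    A line can appear under several rules (e.g. a missing file that is also in Temp)."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        for name, _why, rx in RULES:
            if rx.search(line):
                findings.append((name, line))
    return findings


def summarize(findings):
    """Hit count per rule, highest first."""
    return dict(Counter(name for name, _ in findings).most_common())


def report(findings):
    """Human-readable review list grouped by rule, with the rationale for each rule."""
    why = {name: w for name, w, _ in RULES}
    out = []
    for name, count in summarize(findings).items():
        out.append(f"[{name}] x{count}: {why[name]}")
        out.extend("    " + line for r, line in findings if r == name)
    return "\n".join(out)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Run against the sample, ten of the thirteen lines are flagged; the legitimate Google Toolbar BHO and the real QuickTime autostart under HKLM\..\Run are not, which is the point of keying on location and mechanism rather than on product names. Anything that is flagged still needs the usual follow-up (file properties, hash lookup, what the proxy port is serving) before it goes into a fix list.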
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe